Website Security News
Attackers are always finding unique ways to avoid detection. Our teams regularly find malware on compromised websites which have been obfuscated to make it more difficult for webmasters to detect or understand. Obfuscation can take many forms, such as encrypting code or using complex algorithms…
Read More about Infected WordPress Plugins Redirect to Push Notification Scam
Since 2018, our team has been tracking an interesting type of website infection where the <title> tag of a hacked website is changed to Chinese text — changes which are…
Read More about Chinese Gambling Spam Targets World Cup Keywords
Since September 2022, our research team has tracked a surge in WordPress malware redirecting website visitors to fake Q&A sites via ois[.]is. These malicious redirects appear to be designed to…
Read More about Massive ois[.]is Black Hat Redirect Malware Campaign
When a website is hacked symptoms can sometimes include unexpected, unfamiliar and strangely located favicon or .ico files. Other symptoms might include: ”This site may be hacked” warnings Strange redirects…
Read More about How to Find & Remove Malware in Favicon (.ico) Files
For the latest malicious scripts, check out our SiteCheck Q3 Malware Trends report. Conducting an external website scan for indicators of compromise is one of the easiest ways to identify…
Editorial: This guide was last updated October 19th, 2022. If you’ve recently discovered that your WordPress site is redirecting other sites or unwanted ads, then your website may have been…
Read More about Website Malware Guide: How to Fix the WordPress Redirect Hack
Some weeks ago a critical unauthenticated privilege escalation vulnerability was discovered in old, unpatched versions of the wp-user-avatar plugin. It also allows for arbitrary file uploads, which is where we…
Read More about Vulnerable Plugin Exploited in Spam Redirect Campaign
Malicious redirect is a type of hack where website visitors are automatically redirected to some third-party website: usually it’s some malicious resource, scam site or a commercial site that buys…
Read More about WordPress Redirect Hack via Test0.com/Default7.com
We recently found an interesting phishing kit on a compromised website that has QR code capabilities, along with the ability to control the phishing page in real time. What our…
Read More about Real-Time Phishing Kit Targets Brazilian Central Bank
It’s not unusual to see website owners running things on a budget. Choosing a safe and reliable hosting company, buying a nice domain name, boosting posts on social media, and…
It’s not very often that we see abandoned components being used on a website — but when we do, it’s most often because the website was exhibiting malware-like behavior and…
Read More about The Dangers of Using Abandoned Plugins & Themes
![Massive ois[.]is Black Hat Redirect Malware Campaign Targets WordPress Sites](https://blog.sucuri.net/wp-content/uploads/2022/11/BlogPost_Feature-Image_1490x700_PHP-Login-Stealer-585x275.png)
